Abstract
A Software-Defined Networking (SDN) controller plays a key role for assuring the security and robustness of its underlying network system. Previous studies focus on eliciting bugs in such SDN controller via penetration testing or fuzzing without considering code coverage feedback from a target controller under testing. We propose FSF, a code coverage-driven SDN fuzzer. We designed and implemented a fuzzing algorithm to take into account coverage differences incurred by mutated OpenFlow (OF) messages. FSF demonstrated its superiority in increasing the code coverage of a target controller and generated unique 146 tests that trigger bugs in the latest version of Floodlight, a well-known open-source SDN controller.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Floodlight. http://www.projectfloodlight.org/floodlight
JaCoCo: Java code coverage library. https://www.jacoco.org/jacoco/
Openflow switch specification: Version 1.3.1. https://www.opennetworking.org/wp-content/uploads/2013/04/openflow-spec-v1.3.1.pdf
Basta, A., Kellerer, W., Hoffmann, M., Morper, H.J., Hoffmann, K.: Applying NFV and SDN to LTE mobile core gateways, the functions placement problem. In: Proceedings of the Workshop on All Things Cellular: Operations, Applications and Challenges, pp. 33–38 (2014)
Benton, K., Camp, L.J., Small, C.: Openflow vulnerability assessment. In: Proceedings of the ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking, pp. 151–152 (2013)
Bertaux, L., et al.: Software defined networking and virtualization for broadband satellite networks. IEEE Commun. Mag. 53(3), 54–60 (2015)
Cha, S.K., Woo, M., Brumley, D.: Program-adaptive mutational fuzzing. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 725–741 (2015)
Cohen, D.M., Dalal, S.R., Parelius, J., Patton, G.C.: The combinatorial design approach to automatic test generation. IEEE Softw. 13(5), 83–88 (1996)
Dixit, V.H., Doupé, A., Shoshitaishvili, Y., Zhao, Z., Ahn, G.J.: AIM-SDN: attacking information mismanagement in SDN-datastores. In: Proceedings of the ACM Conference on Computer and Communications Security, pp. 664–676 (2018)
Durner, R., Kellerer, W.: The cost of security in the SDN control plane. In: Proceedings of the ACM CoNEXT Student Workshop (2015)
Flauzac, O., González, C., Hachani, A., Nolot, F.: SDN based architecture for IoT and improvement of the security. In: Proceedings of the IEEE International Conference on Advanced Information Networking and Applications Workshops, pp. 688–693 (2015)
Hocevar, S.: zzuf. https://github.com/samhocevar/zzuf
Holler, C., Herzig, K., Zeller, A.: Fuzzing with code fragments. In: Proceedings of the USENIX Security Symposium, pp. 445–458 (2012)
Householder, A.D., Foote, J.M.: Probability-based parameter selection for black-box fuzz testing. Technical report, CMU/SEI-2012-TN-019, CERT (2012)
Jero, S., Bu, X., Nita-Rotaru, C., Okhravi, H., Skowyra, R., Fahmy, S.: BEADS: automated attack discovery in openflow-based SDN systems. In: Dacier, M., Bailey, M., Polychronakis, M., Antonakakis, M. (eds.) RAID 2017. LNCS, vol. 10453, pp. 311–333. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-66332-6_14
Kazemian, P., Chang, M., Zeng, H., Varghese, G., McKeown, N., Whyte, S.: Real time network policy checking using header space analysis. In: Proceedings of the USENIX Symposium on Networked Systems Design and Implementation, pp. 99–111 (2013)
Klöti, R., Kotronis, V., Smith, P.: Openflow: a security analysis. In: Proceedings of the IEEE International Conference on Network Protocols, pp. 1–6 (2016)
Kreutz, D., Ramos, F., Verissimo, P.: Towards secure and dependable software-defined networks. In: Proceedings of the ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking, pp. 55–60 (2013)
Kreutz, D., Ramos, F.M., Verissimo, P., Rothenberg, C.E., Azodolmolky, S., Uhlig, S.: Software-defined networking: a comprehensive survey. Proc. IEEE 103(1), 14–76 (2015)
Lee, S., Yoon, C., Lee, C., Shin, S., Yegneswaran, V., Porras, P.A.: DELTA: a security assessment framework for software-defined networks. In: Proceedings of the Network and Distributed System Security Symposium (2017)
Lei, X., Huang, J., Hong, S., Zhang, J., Gu, G.: Attacking the brain: races in the SDN control plane. In: Proceedings of the USENIX Security Symposium, pp. 451–468 (2017)
Miller, B.P., Fredriksen, L., So, B.: An empirical study of the reliability of UNIX utilities. Commun. ACM 33(12), 32–44 (1990)
Ojo, M., Adami, D., Giordano, S.: A SDN-IoT architecture with NFV implementation. In: Proceedings of the IEEE Globecom Workshops, pp. 1–6 (2016)
Pickett, G.: Abusing software defined networks. In: Proceedings of the Black Hat EU (2014)
Pickett, G.: Staying persistent in software defined networks. Black Hat Briefings (2015)
Porras, P., Shin, S., Yegneswaran, V., Fong, M., Tyson, M., Gu, G.: A security enforcement kernel for openflow networks. In: Proceedings of the ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking, pp. 121–126 (2012)
Rawat, S., Jain, V., Kumar, A., Cojocar, L., Giuffrida, C., Bos, H.: VUzzer: application-aware evolutionary fuzzing. In: Proceedings of the Network and Distributed System Security Symposium (2017)
Rebert, A., Cha, S.K., Avgerinos, T., Foote, J., Warren, D., Grieco, G., Brumley, D.: Optimizing seed selection for fuzzing. In: Proceedings of the USENIX Security Symposium, pp. 861–875 (2014)
Rückert, J., Bifulco, R., Rizwan-Ul-Haq, M., Kolbe, H.J., Hausheer, D.: Flexible traffic management in broadband access networks using software defined networking. In: Proceedings of the IEEE Network Operations and Management Symposium, pp. 1–8 (2014)
Scott, C., et al.: Troubleshooting blackbox SDN control software with minimal causal sequences. ACM SIGCOMM Comput. Commun. Rev. 44(4), 395–406 (2015)
Trivisonno, R., Guerzoni, R., Vaishnavi, I., Soldani, D.: SDN-based 5G mobile networks: architecture, functions, procedures and backward compatibility. Trans. Emerg. Telecommun. Technol. 26(1), 82–92 (2015)
Yoon, C., et al.: Flow wars: systemizing the attack surface and defenses in software-defined networks. IEEE/ACM Trans. Netw. 25(6), 3514–3530 (2017)
Zalewski, M.: American Fuzzy Lop. http://lcamtuf.coredump.cx/afl/
Zeller, A.: Yesterday, my program worked. Today, it does not. Why? In: Proceedings of the ACM SIGSOFT Software Engineering Notes, pp. 253–267 (1999)
Acknowledgements
We thank anonymous reviewers for their helpful feedback. This work was supported by Institute for Information & communications Technology Promotion (IITP) grant funded by the Korea government (MSIT) (No.2018-0-00254, SDN security technology development).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Kim, H., Wi, S., Lee, H., Son, S. (2020). FSF: Code Coverage-Driven Fuzzing for Software-Defined Networking. In: You, I. (eds) Information Security Applications. WISA 2019. Lecture Notes in Computer Science(), vol 11897. Springer, Cham. https://doi.org/10.1007/978-3-030-39303-8_4
Download citation
DOI: https://doi.org/10.1007/978-3-030-39303-8_4
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-39302-1
Online ISBN: 978-3-030-39303-8
eBook Packages: Computer ScienceComputer Science (R0)